<?php
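include "include/global.php";
$xtpl = new XTemplate ("login.html");

// Admin login page.
//   - Already-authenticated visitors are redirected to user/user.php.
//   - A POST carrying a username is checked against the <pre_table>admin table;
//     on success the session is populated and the browser is redirected.
//   - Anything else renders the login.html template.

// Accept credentials only as strings. An array-valued parameter (username[]=x)
// would otherwise be interpolated into the SQL text as the literal "Array".
$username    = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
$lang        = isset($_POST['lang']) ? $_POST['lang'] : null;

// NOTE(review): $loginAdminID is never assigned in this file (both session reads
// that used to do it are commented out). It is presumably populated by
// include/global.php. If it instead depends on register_globals, a request
// parameter could set it. Confirm and read it from the session explicitly.
//echo $loginAdminID = $_SESSION['loginAdminID'];
//$loginAdminID =READ_SESSION("loginAdminID");
if (!empty($loginAdminID)) {
	echo "<script language = 'javascript'>
		location.href = 'user/user.php';
	   </script>";
	exit();
} else if ($username) {
	// The username is attacker-controlled and ends up inside three SQL string
	// literals below, so it is escaped once here and only the escaped copy is
	// ever concatenated into a statement.
	// Assumes include/global.php has already opened the MySQL link that
	// execSQL() uses. TODO confirm. Without a link the escape returns false and
	// the request fails closed instead of running an unescaped query.
	// NOTE(review): if magic_quotes_gpc is enabled on this deployment the value
	// arrives pre-slashed; confirm how global.php handles that.
	$usernameSql = mysql_real_escape_string($username);
	if ($usernameSql === false) {
		exit('Database connection unavailable.');
	}

	$strSQL = "select * from " . pre_table . "admin where username ='" . $usernameSql . "'";
	$rsAdmin = execSQL($strSQL);
	if (!mysql_num_rows($rsAdmin)) {
		// NOTE(review): this message differs from the bad-password message
		// below, which lets a client tell existing admin usernames from
		// non-existing ones. Consider a single generic failure message.
		echo "
		<script language='javascript'>
			alert('Username not found!'); 
			window.history.back(-1);		
		</script>";
		exit;
	}

	// NOTE(review): unsalted MD5 is not a password hash. Migrating to
	// password_hash()/password_verify() needs the stored values re-hashed, so it
	// is flagged here rather than changed.
	$password = md5(trim($rawPassword));
	// Column index 2 of "select *" is presumably the password column. Confirm
	// against the table definition; selecting the column by name would be safer.
	$storedHash = trim(mysql_result($rsAdmin, 0, 2));
	// Strict comparison: with a loose != two different hex digests of the form
	// "0e<digits>" are both treated as the number zero and compare equal.
	if ($password !== $storedHash) {
		echo "<script language='javascript'>
				alert('Password not avaid!'); 
				window.history.back(-1);		
			</script>";
		exit;
	}

	// NOTE(review): the session identifier is not rotated on login. If
	// WRITE_SESSION is backed by PHP's native sessions, call
	// session_regenerate_id(true) before writing the identity. Confirm against
	// include/global.php.
	$loginAdminID = trim($username);
	WRITE_SESSION("loginAdminID", $loginAdminID);

	// Timestamp is generated server-side, so it is safe to embed directly.
	$LoginTime = Date("Y-m-d H:i:s");
	$sql = "UPDATE " . pre_table . "admin SET logintime='$LoginTime' WHERE username='" . $usernameSql . "'";
	execSQL($sql);

	$sql2 = "SELECT id FROM " . pre_table . "admin WHERE username='" . $usernameSql . "'";
	$rs2 = recordset($sql2);

	$AdminID = $rs2['id'];
	WRITE_SESSION("AdminID", $AdminID);

	// NOTE(review): the language value is stored exactly as the client sent it.
	// If SES_LANG is later echoed or used to build a file name, validate it
	// against the supported languages here. Confirm against its consumers.
	WRITE_SESSION("SES_LANG", $lang);

	echo "<script language = 'javascript'>
			location.href = 'user/user.php';
			</script>";
	exit();
}

// No session and no credentials submitted: render the login form.
$xtpl->parse("main");
$xtpl->out("main");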
?>

